Nest: Add support for MAC algorithms in grammar

author Pavel Tvrdík <pawel.tvrdik@gmail.com>

Tue, 26 Jan 2016 15:45:13 +0000 (16:45 +0100)

committer Ondrej Zajicek (work) <santiago@crfreenet.org>

Wed, 2 Nov 2016 15:23:53 +0000 (16:23 +0100)
author Pavel Tvrdík <pawel.tvrdik@gmail.com>
Tue, 26 Jan 2016 15:45:13 +0000 (16:45 +0100)
committer Ondrej Zajicek (work) <santiago@crfreenet.org>
Wed, 2 Nov 2016 15:23:53 +0000 (16:23 +0100)
diff --git a/nest/config.Y b/nest/config.Y

index 3e76581a33bc3941df965727ad0fcacfd8978c57..878224fea4baabc7a9460689da5562a0df5f019b 100644 (file)
--- a/nest/config.Y
+++ b/nest/config.Y
@@ -13,6 +13,7 @@ CF_HDR
  #include "nest/password.h"
  #include "nest/cmds.h"
  #include "lib/lists.h"
+#include "lib/mac.h"
  
  CF_DEFINES
  
@@ -57,6 +58,7 @@ CF_KEYWORDS(ROUTER, ID, PROTOCOL, TEMPLATE, PREFERENCE, DISABLED, DEBUG, ALL, OF
  CF_KEYWORDS(INTERFACE, IMPORT, EXPORT, FILTER, NONE, TABLE, STATES, ROUTES, FILTERS)
  CF_KEYWORDS(RECEIVE, LIMIT, ACTION, WARN, BLOCK, RESTART, DISABLE, KEEP, FILTERED)
  CF_KEYWORDS(PASSWORD, FROM, PASSIVE, TO, ID, EVENTS, PACKETS, PROTOCOLS, INTERFACES)
+CF_KEYWORDS(ALGORITHM, KEYED, HMAC, MD5, SHA1, SHA256, SHA384, SHA512)
  CF_KEYWORDS(PRIMARY, STATS, COUNT, FOR, COMMANDS, PREEXPORT, NOEXPORT, GENERATE, ROA)
  CF_KEYWORDS(LISTEN, BGP, V6ONLY, DUAL, ADDRESS, PORT, PASSWORDS, DESCRIPTION, SORTED)
  CF_KEYWORDS(RELOAD, IN, OUT, MRTDUMP, MESSAGES, RESTRICT, MEMORY, IGP_METRIC, CLASS, DSCP)
@@ -77,7 +79,7 @@ CF_ENUM(T_ENUM_ROA, ROA_, UNKNOWN, VALID, INVALID)
  %type <ro> roa_args
  %type <rot> roa_table_arg
  %type <sd> sym_args
-%type <i> proto_start echo_mask echo_size debug_mask debug_list debug_flag mrtdump_mask mrtdump_list mrtdump_flag export_mode roa_mode limit_action tab_sorted tos
+%type <i> proto_start echo_mask echo_size debug_mask debug_list debug_flag mrtdump_mask mrtdump_list mrtdump_flag export_mode roa_mode limit_action tab_sorted tos password_algorithm
  %type <ps> proto_patt proto_patt2
  %type <g> limit_spec
  
@@ -416,11 +418,13 @@ password_item_begin:
       }
       this_p_item = cfg_alloc(sizeof (struct password_item));
       this_p_item->password = $2;
+     this_p_item->length = strlen($2);
       this_p_item->genfrom = 0;
       this_p_item->gento = TIME_INFINITY;
       this_p_item->accfrom = 0;
       this_p_item->accto = TIME_INFINITY;
       this_p_item->id = password_id++;
+     this_p_item->alg = ALG_UNDEFINED;
       add_tail(this_p_list, &this_p_item->n);
     }
  ;
@@ -431,10 +435,24 @@ password_item_params:
   | GENERATE TO datetime ';' password_item_params { this_p_item->gento = $3; }
   | ACCEPT FROM datetime ';' password_item_params { this_p_item->accfrom = $3; }
   | ACCEPT TO datetime ';' password_item_params { this_p_item->accto = $3; }
+ | FROM datetime ';' password_item_params { this_p_item->genfrom = this_p_item->accfrom = $2; }
+ | TO datetime ';' password_item_params { this_p_item->gento = this_p_item->accto = $2; }
   | ID expr ';' password_item_params { this_p_item->id = $2; if ($2 <= 0) cf_error("Password ID has to be greated than zero."); }
+ | ALGORITHM password_algorithm ';' password_item_params { this_p_item->alg = $2; }
   ;
  
-
+password_algorithm:
+   KEYED MD5   { $$ = ALG_MD5; }
+ | KEYED SHA1  { $$ = ALG_SHA1; }
+ | KEYED SHA256        { $$ = ALG_SHA256; }
+ | KEYED SHA384        { $$ = ALG_SHA384; }
+ | KEYED SHA512        { $$ = ALG_SHA512; }
+ | HMAC MD5    { $$ = ALG_HMAC_MD5; }
+ | HMAC SHA1   { $$ = ALG_HMAC_SHA1; }
+ | HMAC SHA256 { $$ = ALG_HMAC_SHA256; }
+ | HMAC SHA384 { $$ = ALG_HMAC_SHA384; }
+ | HMAC SHA512 { $$ = ALG_HMAC_SHA512; }
+ ;
  
  /* Core commands */
  CF_CLI_HELP(SHOW, ..., [[Show status information]])
diff --git a/nest/password.h b/nest/password.h

index a45261e6bfaadc55530b0a6ac9a4e74e6bcc3787..7392389b61db31c7f1d96b6b5b2f0a0b1b4d44e5 100644 (file)
--- a/nest/password.h
+++ b/nest/password.h
@@ -9,12 +9,15 @@
  
  #ifndef PASSWORD_H
  #define PASSWORD_H
+
  #include "lib/timer.h"
  
  struct password_item {
    node n;
-  char *password;
-  int id;
+  char *password;                      /* Key data, null terminated */
+  uint length;                         /* Key length, without null */
+  uint id;                             /* Key ID */
+  uint alg;                            /* MAC algorithm */
    bird_clock_t accfrom, accto, genfrom, gento;
  };
  
diff --git a/proto/rip/config.Y b/proto/rip/config.Y

index 083d2e91b15109d6977acf8438ec5e19fd7cd162..e15599e0e5ee44fe5b4fdb247808de6bce6735b0 100644 (file)
--- a/proto/rip/config.Y
+++ b/proto/rip/config.Y
@@ -147,7 +147,7 @@ rip_auth:
     NONE                        { $$ = RIP_AUTH_NONE; }
   | PLAINTEXT           { $$ = RIP_AUTH_PLAIN; }
   | CRYPTOGRAPHIC       { $$ = RIP_AUTH_CRYPTO; }
- | MD5                 { $$ = RIP_AUTH_CRYPTO; }
+ | MD5                 { $$ = RIP_AUTH_CRYPTO; }       /* For backward compatibility */
   ;
  
  rip_iface_opts:
author	Pavel Tvrdík <pawel.tvrdik@gmail.com>
	Tue, 26 Jan 2016 15:45:13 +0000 (16:45 +0100)
committer	Ondrej Zajicek (work) <santiago@crfreenet.org>
	Wed, 2 Nov 2016 15:23:53 +0000 (16:23 +0100)
nest/config.Y		patch \| blob \| blame \| history
nest/password.h		patch \| blob \| blame \| history
proto/rip/config.Y		patch \| blob \| blame \| history